Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Won't Fix
-
2.1.10
-
None
-
None
-
Portlets
Description
When running in the context of a request, MyFaces calls FacesContext.getCurrentInstance().getExternalContext.getSessionMap() in order to get/set session attributes. This provides the portlet bridge with the ability to get/set attributes using the PortletSession, which is a layer of abstraction on top of the HttpSession. But when a session expires, the org.apache.myfaces.config.ManagedBeanDestroyer.isManagedBean(String) method does not check the attribute name for a portlet environment. This causes a memory leak when running in a portlet environment, because the portlet bridge is not consulted. Specifically, @SessionScoped managed-beans are not cleaned up.
The good news is that Section PLT.18.3 of the Portlet 2.0 Specification titled "Binding Attributes into a Session" requires that PortletSession attribute names be namespaced/prefixed with the "javax.portlet.p.<ID>?" pattern when they are stored in the underlying HttpSession. This would enable MyFaces to find the session attributes, so that cleanup can take place correctly during session expiration/invalidation.
Here is the parallel issue in Mojarra:
http://java.net/jira/browse/JAVASERVERFACES-2691